IT Security & Privacy

Canadian Securities Regulators Tells Registered Firms to Strengthen Cybersecurity After Review Finds Gaps

The Canadian Securities Administrators did not set out to measure how many firms had suffered cyber incidents. Instead, it examined something more revealing: whether the safeguards meant to prevent those incidents were keeping pace with the way financial firms now operate.

EDPB Draws Sharper Lines Around Anonymous Data & AI Web Scraping

The European Data Protection Board is attempting to answer some of the questions that have lingered around the GDPR almost since the regulation took effect. When is data truly anonymous? What obligations apply when developers scrape the web to train generative AI? And how should organizations think about personal data on blockchain networks?

EU Cybersecurity Survey Finds SMEs Aware of Cyber Resilience Act but Ill-Prepared for Its Demands

Nearly two-thirds of the small and medium-sized businesses surveyed by the European Union’s cybersecurity agency had heard of the Cyber Resilience Act. Knowing that a law exists, however, is not the same as knowing what to do about it.

Dutch Regulators Urge Faster Break From Entrenched IT Dependencies

Five Dutch regulators have asked the government and corporate sector to reconsider a choice that rarely feels momentous when it is made: who supplies the technology beneath the business.

Canada Draws the Line Between Financial Crime Intelligence & Privacy

The Privacy Commissioner of Canada has published new guidance explaining how financial reporting entities should seek approval for codes of practice governing the sharing of personal information to detect money laundering, terrorist financing, and sanctions evasion. On its face, the document is procedural. It explains what organizations need to submit and what the Commissioner will expect before approving a code. But procedural documents often reveal where policymakers believe the difficult work actually lies, and this one suggests the challenge is no longer whether institutions should collaborate. It is how they can do so without weakening the privacy protections that made collaboration difficult in the first place.

AI Is Collapsing the Time Between Vulnerability & Attack, Luxembourg Regulator Warns

In guidance published Tuesday, Luxembourg's Commission de Surveillance du Secteur Financier (CSSF) warned that frontier artificial intelligence models are reshaping the cyber threat landscape by accelerating the speed, scale, and sophistication of attacks. While the technology presents significant opportunities, the regulator said it also gives malicious actors new tools to automate complex tasks, generate sophisticated code, and exploit vulnerabilities more quickly than traditional defensive practices were designed to withstand.

KPMG Survey Finds CISOs Caught Between AI Ambition & Security Reality

For all the attention artificial intelligence receives in boardrooms, one number in KPMG's latest cybersecurity survey stands out because of how ordinary it is. Only 24% of large organizations say AI is fully integrated into their cybersecurity programs. The rest are somewhere in between, testing it in isolated functions, weighing its value, or waiting for confidence to catch up with capability.